Qualcomm developing Eudora email bug patch

Qualcomm said it was at work fixing a security flaw in its Eudora Pro email application that could expose computers to attack.

Current versions of Eudora are vulnerable to buffer overflow attacks, Qualcomm said. Called the most common security vulnerability of the past 10 years, a buffer overflow bug can provide an entry point for malicious code sent over a computer network.

In a buffer overflow, an application's entry field--an address bar, for instance--has the capacity for a certain number of characters. If the software is improperly coded, strings that exceed the limit will crash the application, often sending the excess code into memory where it can be executed upon restarting the computer.

Qualcomm downplayed the importance of the current buffer overflow problem in Eudora.

"An exploit would be very, very hard for someone to successfully implement," a Qualcomm representative said. "You'd almost have to have the (Eudora) source code. But that doesn't mean it shouldn't be fixed, and it will be."

Qualcomm will patch the hole in its next minor point release of Eudora Pro, Version 4.3.2, due in a matter of days. That release will also squash a bug reported last month that
involves warnings that should accompany email attachments.